[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: 2.1 upgrade issue

> As 2.1.6 is considered the most stable version available, I attempted to
> upgrade from 2.0.x this weekend and failed pretty miserably.  Even my
> LDIF dump of the 2.0.x databases weren't compatible and had to be
> manually modified for slapadd to not complain about them.  The most
> strange issue is that browsing beyond the root of the directory is not
> possible, although ldapsearch does work if a deeper search base is
> specified.  Then there's the lack of LDAP2 binds, which I found how to
> configure around from the list archives.

(Replying to my own post here...)

I've pulled a bit more info from slapd.  It seems the "No such object"
errors  with the search base of the root appear to be a typical
"insufficient access":

conn=14 op=0 BIND dn="" method=128
conn=14 op=0 RESULT tag=97 err=0 text=
conn=14 op=1 SRCH base="dc=ivy,dc=tec,dc=in,dc=us" scope=2
conn=14 op=1 RESULT tag=101 err=32 text=
conn=14 op=2 UNBIND

However, this is with only a single ACL: access to * by * read.  Change
the search base to one level below the root, say,
ou=people,dc=ivy,dc=tec,dc=in,dc=us, and everything works as expected.  So
why not at the root?

Further troubles: Passwords encrypted with the typical {CRYPT} hashes seem
to no longer work: I can't bind against them anymore:

conn=0 op=0 BIND
conn=0 op=0 RESULT tag=97 err=49 text=

..."Invalid credentials."

So I ask again: Is there a document anywhere outlining the changes in
operation made since v2.0.x?  Does anyone have any suggestions on how to
make the migration smoothly?


John Madden
UNIX Systems Engineer
Ivy Tech State College